Patent 
10002170-2 

COMPLETE SET OF PENDING CLAIMS 

1 . (Original) A secure network configured to carry data, comprising: 

a plurality of network bubbles, each network bubble having a plurality of bubble 
partitions, each bubble partition having at least one network device configured to transmit 
and receive data, and all of the network devices corresponding to at least one of the plurality 
of network bubbles have the same network security policy; and 

a plurality of network control points, each network control point including one or 
more network control point devices having at least one interface, wherein each of the 
plurality of bubble partitions is connected to at least one network control point to form a 
bubble boundary, the network control point is used to provide a connection between any two 
network devices, and wherein at least one of the network control point devices is configured 
to enforce the network security policy of the network bubble that is connected to the network 
control point device. 

2. (Original) A secure network as defined in claim 1, further comprising a 
plurality of inter-bubble devices, each inter-bubble device is configured to connect at least 
two of the plurality of network bubbles to one another and to enforce the network security 
policy of each of the plurality of network bubbles that the inter-bubble device is connected to. 

3. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions that belong to the same bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the 
plurality of bubble partitions. 
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4. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions has unrestricted network connectivity to all other bubble 
partitions within the same bubble. 

5. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions is defined by an address range. 

6. (Original) A secure network as defined in claim 5, wherein each of the 
network devices in each of the plurality of bubble partitions has an address contained within 
the address range. 

7. (Original) A secure network as defined in claim 6, wherein each address 
exists in only one of the plurality of bubble partitions. 

8. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of network control points ensures source address integrity at each bubble boundary. 

9. (Original) A secure network as defined in claim 1, wherein each of the 
plurality of bubble partitions is connected to at least two network control point devices to 
achieve high availability in the case of a failed interface or network control point device. 

10. (Original) A secure network as defined in claim 1, wherein data may be 
transmitted between two network devices in different bubble partitions of the same network 
bubble without restriction by the network bubble boundaries. 
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1 1 . (Original) A secure network as defined in claim 1 , wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external 
to all of the plurality of network bubbles. 

12. (Original) A secure network as defined in claim 11, wherein each of the 
plurality of network control points ensure source address integrity across the virtual 
backbone. 

13. (Original) A secure network as defined in claim 1, wherein each network 
device connects to only one network control point. 

14. (Original) A secure network as defined in claim 1, wherein the total 
number of network control points is greater than the number of network control points 
connected to any one particular bubble partition. 

15. (Original) A secure network as defined in claim 1, wherein all data 
transmitted from one network device to another network device traverses only one network 
control point. 

16. (Original) A secure network as defined in claim 1, wherein all data 
transmitted from one network device to another network device traverses only two network 
control points. 
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17. (Currently amended) A secure network configured to transmit data, 
comprising: 

a first and a second network bubble, each network bubble having a distinct network 
security policy and a plurality of bubble partitions, each bubble partition having a plurality of 
network devices configured to transmit and receive data; and 

a plurality of network control points connecting the first network bubble to the second 
network bubble , each network control point having one or more network control point 
devices, each network control point device having at least one interface, wherein each bubble 
partition is connected to at least one and no more than two network control points to provide 
a connection between a network device in the first network bubble and a network device in 
the second network bubble, and wherein each one of the network control point devices is 
configured to enforce the network security policy of at least one of the network bubbles. 

18. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in 
the second network bubble traverses only one network. control point. 

19. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in 
the second network bubble traverses only two network control points. 

20. (Original) A secure network as defined in claim 17, wherein all data 
transmitted from one network device in the first network bubble to another network device in 
the second network bubble traverses more than two network control points. 
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21. (Original) A secure network as defined in claim 17, wherein the network 
control point enforces source integrity for all bubble partitions that are connected to it. 

22. (Original) A secure network as defined in claim 17, wherein each bubble 
partition connects to only one network control point. 

23. (Original) A secure network as defined in claim 17, further comprising an 
interbubble device configured to connect the first network bubble to the second network 
bubble and to enforce the network security policy of the first and second network bubble. 

24. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions that belong to the same bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the 
plurality of bubble partitions. 

25. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions has unrestricted network connectivity to all other bubble 
partitions within the same network bubble. 

26. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions is connected to at least two network control point devices to 
achieve high availability in the case of a failed interface or network control point device. 

27. (Original) A secure network as defined in claim 17, wherein each of the 
plurality of bubble partitions is defined by an address range. 
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28. (Original) A secure network as defined in claim 27, wherein each of the 
plurality of network devices in each of the plurality of bubble partitions has an address 
contained within the address range. 

29. (Original) A secure network as defined in claim 28, wherein each address 
exists in only one of the plurality of bubble partitions. 

30. (Original) A secure network as defined in claim 17, wherein data may be 
transmitted between two network control point devices in different bubble partitions of the 
same network bubble without restriction by the plurality of network control points. 

31. (Original) A secure network as defined in claim 17, wherein the plurality 
of network control points are coupled to one another and form a virtual backbone that is 
external to the first and the second network bubble. 

32. (Original) A secure network as defined in claim 31, wherein each of the 
plurality of network control points ensure source address integrity across the virtual 
backbone. 

33. (Currently amended) A secure network as defined in claim 17, further 

r 

comprising an interbubble device configur e d to connect ed to the first network bubble andte 
the second network bubble without being connected to the plurality of network control points 
and configured to enforce the network security policy of the first and the second network 
bubble. 
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34. (Original) A secure network configured to carry data, comprising: 

a plurality of network bubbles, each network bubble having a plurality of bubble 
partitions, each bubble partition having at least one network device configured to transmit 
and receive data, and all of the network devices corresponding to at least one of the plurality 
of network bubbles having the same network security policy; and 

a plurality of network control points, each network control point including one or 
more network control point devices having at least one interface, wherein each bubble 
partition is connected to only one network control point, which is used to provide a 
connection between any two network devices of different bubbles, and wherein each one of 
the network control point devices is configured to enforce the network security policy of the 
network bubble that the network control point device is connected to and wherein when data 
is transmitted from one network device to another network device, two network control 
points are traversed. 

35. (Original) A secure network as defined in claim 34, further comprising a 
plurality of inter-bubble devices, each inter-bubble device is configured to connect at least 
two of the plurality of network bubbles to one another and to enforce the network security 
policy of each of the plurality of network bubbles that it is connected to. 

36. (Original) A secure network as defined in claim 34, wherein each of the 
plurality of bubble partitions has unrestricted network connectivity to all other bubble 
partitions within the same network bubble. 
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37. (Original) A secure network as defined in claim 34, wherein all data 
transmitted between two devices in different bubble partitions of the same network bubble 
traverse one or more network control points. 

38. (Original) A secure network as defined in claim 34, wherein each of the 
plurality of bubble partitions that belong to the same bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the 
plurality of bubble partitions. 

39. (Original) A secure network as defined in claim 34, wherein the plurality 
of network control points are coupled to one another and form a virtual backbone that is 
external to all of the plurality of network bubbles. 

40. (Original) A secure network as defined in claim 39, wherein each of the 
plurality of network control points ensure source address integrity across the virtual 
backbone. 

41. (Original) A secure network as defined in claim 34, wherein each network 
device connects to only one network control point. 

42. (Original) A secure network as defined in claim 34, wherein each of the 
plurality of bubble partitions is defined by an address range. 
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43. (Original) A secure network as defined in claim 34, wherein each of the 
network devices in each of the plurality of bubble partitions has an address contained within 
the address range. 

44. (Original) A secure network as defined in claim 43, wherein each address 
exists in only one of the plurality of bubble partitions. 

45.. (Original) A secure network as defined in claim 34, wherein data may be 
transmitted between two network devices in different bubble partitions of the same network 
bubble without restriction by the plurality of network control points. 

46. (Original) A secure network as defined in claim 34, wherein each of the 
plurality of network control points ensures source address integrity at the connection between 
any two network devices of different bubbles. 

47. (Original) A secure network as defined in claim 34, wherein each of the 
plurality of bubble partitions is connected to at least two network control point devices to 
achieve high availability in the case of a failed interface or network control point device. 
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